Type File virus
Date Discovered 1987.10
Place of Origin Germany, Switzerland?
Source Language Assembly
Platform DOS
File Type(s) .com
Infection Length 1,701 bytes
Reported Costs

Cascade is an early virus with the interesting payload of causing characters to fall to the bottom of the screen. The "falling letters" effect was copied in subsequent viruses such as Swap and Traceback. It was coded to avoid IBM computers, but because of a coding mistake, failed at this and managed to infect an entire IBM office.


When a Cascade-infected file is introduced to a system and executed, the virus checks the BIOS for the string, "COPR. IBM", an IBM copyright notice in the BIOS. If it finds the string, it will try, but fail, to stop there, then the virus becomes memory resident. Every time a .com file is run, the virus begins to infect it. It replaces the first three bytes of the new host file with code that points to the virus code. The virus places the original first three bytes of the host in its own code.

Cascade's payload

Cascade's payload is executed when an infected file is run between October 1 and December 31 in 1988. It causes the characters on a DOS screen to randomly fall to the bottom in a heap of numbers and letters. It may also cause some noise.


The Cascade virus spawned about 40 variants. A few of them are attempts by the creator to correct the bug that allows it to infect IBM computers, but it is never completely fixed and these variants infect the IBM computers anyway. The third variant replaces the falling text payload with one that formats the hard drive. Others simply have a different length or contain a message in the virus body.


Ironically the virus not only infected some IBM computers, it infected nearly an entire IBM office in Belgium. This prompted IBM to publicly release its antivirus product, where it was previously only available for the company to use.

It was also accidentally released in an issue of PC Benelux World. The details of the incident have been lost, aside from the fact that it happened.

Other Facts

McAfee reports that Cascade was originally a trojan and allegedly the viral part was added in late 1987. the trojan was designed to turn off the capslock when the computer first starts and the falling characters were an accident. In spite of the fact that this has been supposedly reported by antivirus experts, it still seems that the story is a bit unlikely.

An episode of a Star Trek spinoff features a virus named Cascade.


Reports collected and collated by PC-Virus Index

Peter Szor. The Art of Computer Virus Research and Defense, pp 24, 53, 59, 298. Addison-Wesley, Pearson Education, Symantec Press; Upper Saddle River, New Jersey: 2005. ISBN: 0321304543.

Mikko Hypponen. F-Secure Antivirus, F-Secure Virus Descriptions : Cascade

Kaspersky Lab., History of Malware 1987.

Inam Abidi Amrohvi. Gulf News, The evolution of computer viruses. 2008.03.09, Certified Pre-0wned.

The Full Wiki, USS Malinche (NCC-38997): Misc.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License